From: unor <uno...@ya...> - 2004-01-27 19:28:16

Problem solved... I was using an old conf file hacked up from std snort... here is the diff in case anyone else ever comes across this... I'm sure those in the know can point out the offending line:

(test=my broken conf file, src=conf from snort_inline src tree)

diff test src
> preprocessor stream4: disable_evasion_alerts
> preprocessor stream4_reassemble
< preprocessor http_decode: 80 unicode iis_alt_unicode double_encode iis_flip_slash full_whitespace
< preprocessor conversation: allowed_ip_protocols all, timeout 60, max_conversations 32000
> preprocessor bo
< preprocessor bo: -nobrute

Earl

--- unor <uno...@ya...> wrote:
> Running RedHat 8.0 with kernel 2.6.1 compiled from
> scratch.
>
> If I compile/Run snort_inline 2.0.5 all's well...
>
> If I compile/Run 2.1.x (2.1.0 and 2.1.0a) I get the
> following:
>
> Starting snort_inline: Reading from iptables
> Running in IDS mode
> Log directory = /var/log/snort_inline/200401
> Initializing Inline mode
>
> --== Initializing Snort ==--
> Initializing Output Plugins!
> Setting the Packet Processor to decode packets from
> iptables
> Initializing Preprocessors!
> Initializing Plug-ins!
> Parsing Rules file
> /etc/snort_inline/snort_inline.conf
>
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> Initializing rule chains...
> ERROR: unknown preprocessor "??_decode"
> Fatal Error, Quitting..
>
> Any ideas?
> Thanks.
>
> Earl
>
> __________________________________
> Do you Yahoo!?
> Yahoo! SiteBuilder - Free web site building tool.
> Try it!
> http://webhosting.yahoo.com/ps/sb/
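
Review bot: in the `diff test src` output, the `< preprocessor http_decode: 80 unicode ...` line is the only entry in the broken file whose name ends in `_decode`, which matches the `unknown preprocessor "??_decode"` error reported for 2.1.x, so removing that line, as the conf from the snort_inline src tree does, is the change to try first. The `conversation` line and the `-nobrute` argument to `bo` also differ but are not named in the error, and because the output carries no line-number markers, the position of the added `stream4` lines cannot be checked from what is shown.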